From a68810e539b0cd84d3028a4c207fbadb38406bee Mon Sep 17 00:00:00 2001
From: Mats Klepsland
Date: Mon, 31 May 2021 12:57:05 +0200
Subject: [PATCH] Add test for Bug #4503
---
tests/bug-4503/input.pcap | Bin 0 -> 299 bytes
tests/bug-4503/test.rules | 4 ++++
tests/bug-4503/test.yaml | 11 +++++++++++
3 files changed, 15 insertions(+)
create mode 100644 tests/bug-4503/input.pcap
create mode 100644 tests/bug-4503/test.rules
create mode 100644 tests/bug-4503/test.yaml
diff --git a/tests/bug-4503/input.pcap b/tests/bug-4503/input.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..308913b79fbe181cdbb57862b7829938640e37dc
GIT binary patch
literal 299
zc-p&ic+)~A1{MYw`2U}Qfe}a_iQAlDDa^tU1!RLT8#@Q5fFJ`S6Eh1d2ZJjEgU_kQ
z3=9r}Q$4vD7*aWaVA5O$QwEEfa;i;?3Sc9E1~D2k8ZjC(nt;p%3TX;JEa73`V&Dj0
z-&XB^!#4qBlYJ!%!%U#WOl&rFTg_%*uoTn@2H66#jlmRXS9wvkYE$E4uuY5@HnD-I
zz%m90#zdZ?{QMH#;?$zD)S_bMywnl~*1Y19oD?1)KeIS9Jx@0sD4v|3%TQ5v$%BD`
Xor8gaxrKq#ssU(11JKb-(4YYT#rHMd
literal 0
Hc-jL100001
diff --git a/tests/bug-4503/test.rules b/tests/bug-4503/test.rules
new file mode 100644
index 000000000..95117dfba
--- /dev/null
+++ b/tests/bug-4503/test.rules
@@ -0,0 +1,4 @@
+alert ip any any -> 8.8.8.8 any (msg:"The first rule"; threshold: type limit, track by_rule, count 5, seconds 300; sid:1;)
+alert ip any any -> 4.3.2.1 any (msg:"The second rule"; priority:1; sid:2;)
+alert ip any any -> 1.2.3.4 any (msg:"The third rule"; priority:2; sid:3;)
+alert ip any any -> 5.6.7.8 any (msg:"The fourth rule"; priority:2; sid:4;)
diff --git a/tests/bug-4503/test.yaml b/tests/bug-4503/test.yaml
new file mode 100644
index 000000000..b03d47641
--- /dev/null
+++ b/tests/bug-4503/test.yaml
@@ -0,0 +1,11 @@
+requires:
+ features:
+ - HAVE_LIBJANSSON
+ min-version: 6
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
--
2.47.2
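Review bot: Nothing in test.rules says why sids 2–4 exist or why their priorities are 1, 2 and 2 while sid 1 has none. The commit message gives only the bug number, so a maintainer who later trims or reorders these rules cannot tell which properties the regression depends on. A leading comment would fix that, for example `# Bug #4503: sid 1 uses a by_rule limit threshold; sids 2-4 carry explicit priorities and must stay in this file`, worded to match the actual ticket. If the `msg` strings are not part of what is being tested, naming the role of each rule there would also make eve.json output from a failing run easier to read.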
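Review bot: The only check in test.yaml is `count: 1` for `alert.signature_id: 1`, so nothing pins which of sids 2–4 are expected to alert on input.pcap. A change that suppresses or duplicates those alerts would still pass, and a detection regression that drops alerts silently is the kind of failure this suite should catch. Consider adding one `filter` entry per remaining sid, with the counts taken from a known-good run. Since the threshold in sid 1 is `count 5` and the expected count is 1, the limit itself does not appear to be reached, so a short comment saying what the single alert proves would help.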